Details of VAR-202104-0437

ID

VAR-202104-0437

CVE

CVE-2021-22330

TITLE

Huawei P30 memory write out-of-bounds vulnerability

Trust: 0.6

sources: CNVD: CNVD-2021-24912

DESCRIPTION

There is an out of bounds write vulnerability in Huawei Smartphone HUAWEI P30 versions 9.1.0.131(C00E130R1P21) when processing a message. An unauthenticated attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation of the input parameter, successful exploit can cause the process and the service to be abnormal. Huawei P30 is a smart phone of China's Huawei (Huawei) company. Attackers exploiting this vulnerability may cause a denial of service

Trust: 1.53

sources: NVD: CVE-2021-22330 // CNVD: CNVD-2021-24912 // VULMON: CVE-2021-22330

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-24912

AFFECTED PRODUCTS

vendor:	huawei	model:	p30	scope:	eq	version:	9.1.0.131\(c00e130r1p21\)	Trust: 1.0
vendor:	huawei	model:	p30 9.1.0.131	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-24912 // NVD: CVE-2021-22330

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22330
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2021-24912
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202103-1738
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-22330
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-22330
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2021-24912
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-22330
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2021-24912 // VULMON: CVE-2021-22330 // CNNVD: CNNVD-202103-1738 // NVD: CVE-2021-22330

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.0

sources: NVD: CVE-2021-22330

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202103-1738

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202103-1738

PATCH

title:	Patch for Huawei P30 memory write out-of-bounds vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/255966	Trust: 0.6
title:	Huawei P30 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146099	Trust: 0.6

sources: CNVD: CNVD-2021-24912 // CNNVD: CNNVD-202103-1738

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22330	Trust: 2.3
db:	CNVD	id:	CNVD-2021-24912	Trust: 0.6
db:	CNNVD	id:	CNNVD-202103-1738	Trust: 0.6
db:	VULMON	id:	CVE-2021-22330	Trust: 0.1

sources: CNVD: CNVD-2021-24912 // VULMON: CVE-2021-22330 // CNNVD: CNNVD-202103-1738 // NVD: CVE-2021-22330

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-p30-en	Trust: 1.7
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20210331-01-p30-cn	Trust: 1.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22330	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-24912 // VULMON: CVE-2021-22330 // CNNVD: CNNVD-202103-1738 // NVD: CVE-2021-22330

SOURCES

db:	CNVD	id:	CNVD-2021-24912
db:	VULMON	id:	CVE-2021-22330
db:	CNNVD	id:	CNNVD-202103-1738
db:	NVD	id:	CVE-2021-22330

LAST UPDATE DATE

2024-11-23T21:50:55.670000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-24912	date:	2021-04-04T00:00:00
db:	VULMON	id:	CVE-2021-22330	date:	2021-05-08T00:00:00
db:	CNNVD	id:	CNNVD-202103-1738	date:	2021-05-10T00:00:00
db:	NVD	id:	CVE-2021-22330	date:	2024-11-21T05:49:55.490

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-24912	date:	2021-04-04T00:00:00
db:	VULMON	id:	CVE-2021-22330	date:	2021-04-28T00:00:00
db:	CNNVD	id:	CNNVD-202103-1738	date:	2021-03-31T00:00:00
db:	NVD	id:	CVE-2021-22330	date:	2021-04-28T12:15:08.257